1. Field of the Invention
The present invention relates to a security system in a network comprised of remote terminals in communication with a central processor and particularly to a security system in such a network wherein any given terminal verifies that an assigned user of that terminal is authorized to use that terminal and then the central processor verifies that that terminal is authorized to access specific data or services from the central processor relative to the assigned user.
2. Description of the Prior Art
The establishment of large distributed data processing and computing systems, utilizing a large number of remote terminals, has given rise to concerns relative to the security of the systems. Such security concerns particularly exist in those computing systems which require the access or exchange of substantial monetary value. Such computing systems require means whereby an individual requesting service by a system be adequately identified as being appropriately authorized to use the system before the service can be provided.
In addition to the identity of the would-be user, the determination of the range of previously authorized services appropriate to any given identified user must be performed in a consistent, secure manner.
The most common method for verifying the identity of a user in current systems of the type of interest is with the use of the so-called Personal Identity Number (PIN). Typically, the user is required to correctly enter a multi-digit number (or letter) string into the terminal keyboard. The security rests on the premise that the particular number combination of the PIN is legally known only to the specific user and the host or central computer of the system being accessed.
In one implementation the PIN is transmitted through the terminal to the host computer where the PIN is compared to the contents of a host or central file (customer or user account file), as identified by the user's account number, to verify that the PIN is correct for the assigned user number or account number assigned to the user. The user number or account number may be entered at the terminal level by some semi-automatic means such as a magnetic stripe card reader, e.g., the account number is read from the contents of the magnetic stripe on a credit card or debit card issued by many financial institutions.
If a security method of the type previously described is carefully analyzed, the following potential problems could compromise the system security.
(1) Since the PIN, when properly used by the correct user, is retained only in the user's memory and is never visually recorded, it must not contain an unreasonable number of digits or characters if the human mind is to cope with it. Over the years, many experiments (particularly by the telephone companies) tend to indicate that the human mind cannot accurately retain more than about seven random digits at one time. In practice, PINs are generally four or five digits in length.
(2) Once the PIN is entered into the terminal, it must be transmitted along with the account number to the host computer before it can be verified. Less secure systems may transmit the PIN over the communication network in a non-encoded or non-encrypted form, i.e., in so-called "clear-text". Somewhat more secure systems would encrypt the PIN before it is transmitted to the host computer. However, a criminal can fraudulently connect (tap) to the communication line. Even if that criminal is unable to determine the exact number (character) string of a specific PIN itself, he could become aware that a specific coded combination of digits appearing on the communication line always results in a PIN input message being accepted by the host computer. In that event, any time that that criminal re-duplicates the coded combination of digits by various fraudulent means, he would be able to enjoy the "rewards" of any following instruction, such as "issue cash".
(3) Looking broadly at the total system, messages containing a PIN may pass through one or more local units, such as a local communication network controller or local processor, before being encrypted and placed on a communication line for transmission to the distant host computer, where the account files reside and the PIN can be verified. It is possible that a knowledgeable criminal can gain access to the cables connected to the local controller or to the memory of the local processor and thereby successfully obtain valid, pre-encrypted PINs or inject fraudulent, but profitable, messages into the system. It is also possible that a knowledgeable person could obtain a listing of PIN numbers and associated accounts from the host computer for fraudulent use.
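The replay weakness in item (2) can be shown in a few lines. The following is an added example, not part of the patent text and not the method the patent goes on to claim: it contrasts a fixed coded PIN message with a single-use challenge, a general countermeasure. HMAC-SHA256 stands in for the unspecified line encoding, and the key, account number, PIN and all function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

KEY = b"constructed-terminal-key"   # assumed secret shared by terminal and host
ACCOUNTS = {"4000123": "4821"}      # constructed account file: account -> PIN


def encode(account, pin, nonce=b""):
    """Terminal side: keyed encoding of account and PIN, optionally bound to a nonce."""
    msg = nonce + b"|" + account.encode() + b"|" + pin.encode()
    return hmac.new(KEY, msg, hashlib.sha256).digest()


def static_verify(account, token):
    """Weak host from item (2): a given PIN always produces the same line message."""
    pin = ACCOUNTS.get(account)
    return pin is not None and hmac.compare_digest(token, encode(account, pin))


class ChallengeHost:
    """Hardened host: each attempt must answer a fresh, single-use challenge."""

    def __init__(self):
        self.pending = set()

    def challenge(self):
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce

    def verify(self, account, nonce, token):
        if nonce not in self.pending:    # unknown or already consumed challenge
            return False
        self.pending.discard(nonce)      # single use, even if the check fails
        pin = ACCOUNTS.get(account)
        return pin is not None and hmac.compare_digest(token, encode(account, pin, nonce))


def demo():
    """Return (static first, static replay, challenge first, replay, stale answer)."""
    captured = encode("4000123", "4821")          # the message a line tap would record
    host = ChallengeHost()
    n1 = host.challenge()
    answer = encode("4000123", "4821", n1)
    first = host.verify("4000123", n1, answer)
    replay = host.verify("4000123", n1, answer)   # identical message sent again
    stale = host.verify("4000123", host.challenge(), answer)
    return (static_verify("4000123", captured), static_verify("4000123", captured),
            first, replay, stale)
```

The static host accepts the recorded message every time it is resent, while the challenge host rejects both a resend against a consumed nonce and an old answer presented against a new one.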
The background art known to the applicants at the time of the filing of this application is as follows:
U.S. Pat. No. 3,641,315, System For Automatically Conducting Office Work Required for Transactions At a Bank and the Like, by M. Nagata et al.;
U.S. Pat. No. 3,846,622, Access Control Apparatus, by M. R. Meyer;
U.S. Pat. No. 3,934,122, Electronic Security Card and System for Authenticating Card Ownership, by J. A. Riccitelli;
U.S. Pat. No. 4,094,462, Method and Means for Providing and Testing Secure Identification Data, by J. L. Moschner;
U.S. Pat. No. 4,295,041, Device for the Protection of Access to a Permanent Memory of a Portable Data Carrier, by M. Ugon;
U.S. Pat. No. 4,317,957, System for Authenticating Users and Devices in On-Line Transaction Networks, by M. Sendrow;
U.S. Pat. No. 4,357,529, Multilevel Security Apparatus and Method, by M. M. Atalla; and
U.S. Pat. No. Re. 29,057, Electronic Identification System Employing a Data Bearing Identification Card, by O. C. Enikeieff et al.